Tag Archives: Inc.;

In yet another ruling highlighting the reckless practice of relying on mere screenshots to present social media evidence, a Massachusetts Appellate Court ruled a Facebook post submitted by the prosecution in a recent criminal case to be inadmissible as evidence. In Commonwealth v. Banas, 2014 WL 1096140 (March 21, 2014), the State introduced the Facebook post in the form of a printout of a screenshot without any additional circumstantial evidence to establish authenticity. The court explained that further information beyond the screenshot itself was required to establish a proper foundation for the Facebook post.

The court followed the case of Commonwealth v. Purdy, 459 Mass. 442, 447 (2011), which held that “evidence that . . . originates from an e-mail or a social networking Web site such as Facebook or MySpace that bears the defendant’s name is not sufficient alone to authenticate the electronic communication as having been authored or sent by the defendant.” And Commonwealth v. Williams, 456 Mass. 857, 869 (2010), where the Court held that evidence that “a message was from an individual’s Web page was not sufficient to authenticate that the individual wrote the message. Evidence of additional confirming circumstances is needed to authenticate the message.” Similarly in State of Connecticut v. Eleck, 2011 WL 3278663 (Conn.App. 2011), a Connecticut appellate court noted that while the emergence of social media evidence does not necessarily require new rules of evidence, “circumstantial evidence that tends to authenticate a communication is somewhat unique to each medium.”

Social media provides torrential amounts of evidence potentially relevant to litigation matters, with courts routinely facing proffers of data preserved from various social media websites. This evidence must be authenticated in all cases, and the authentication standard is no different for website data or chat room evidence than for any other. Under Federal Rule of Evidence 901(a), “The requirement of authentication . . . is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.” United States v. Simpson, 152 F.3d 1241, 1249 (10th Cir. 1998).

Ideally, a proponent of the evidence can rely on uncontroverted direct testimony from the creator of the web page in question. In many cases, such as in the Banas case where incriminating social media evidence is at issue, that option is not available. In such situations, the testimony of the examiner who preserved the social media or other Internet evidence “in combination with circumstantial indicia of authenticity (such as the dates and web addresses), would support a finding” that the website documents are what the proponent asserts. Perfect 10, Inc. v. Cybernet Ventures, Inc. (C.D.Cal.2002) 213 F.Supp.2d 1146, 1154. (emphasis added) (See also, Lorraine v. Markel American Insurance Company, 241 F.R.D. 534, 546 (D.Md. May 4, 2007) (citing Perfect 10, and referencing MD5 hash values as an additional element of potential “circumstantial indicia” for authentication of electronic evidence).

One of the many benefits of X1 Social Discovery is its ability to preserve and display all the available “circumstantial indicia” or “additional confirming circumstances,” to borrow the Perfect 10 and Banas courts’ terms respectively, to the user in order to present the best case possible for the authenticity of social media evidence collected with the software. This includes collecting all available metadata and generating a MD5 checksum or “hash value” of the preserved data for verification of the integrity of the evidence. It is important to collect and preserve Tweets, Facebook, Instagram and LinkedIn entries in a thorough manner with best-practices technology specifically designed for litigation purposes. For instance, there are over twenty unique metadata fields associated with individual Facebook posts and messages. Any one of those entries or a combination of them contrasted with other entries can provide unique circumstantial evidence that can establish foundational proof of authorship. (We identify the nearly two dozen fields of unique Twitter metadata in our white paper available here).

When lawyers and their service providers rely on simple screen captures, printouts or even compliance archiving solutions that fail to collect and preserve all key metadata to admit social media into evidence, they run a significant risk of having key evidence in support of their client’s case disallowed by the court.

For this week’s entry, we have a rundown of recent developments in the world of social media evidence from some reputable sources.

KL Gates Social Media Analysis. To start off, our previous entry discussed the case of Richards v Hertz Corp., underscoring that any law firm defending or prosecuting personal injury claims, as well as their hired eDiscovery consultants, should be investigating social media sites for source evidence as a matter of course. The same is true for employment law matters and top 10 law firm K&L Gates (which has the best eDiscovery blog of any law firm in my opinion – eDiscoverylaw.com) has a great write-up of E.E.O.C. v. Original Honeybaked Ham Co. of Georgia, Inc, where social media evidence is playing a key role in that case, prompting the court to issue a broad discovery order for social media. Again, nothing really new here – just further reinforcement of the standardization of social media evidence.

Law Review and Social Media Evidence. This year, several reputable law reviews and other legal treatises have published important and very useful research notes on social media evidence. These resources are subscription only for those with access to Westlaw, but the following are a select list with cites to the articles that I found most useful:

Netflix CEO in Hot Water with SEC over Facebook Post. Netlix CEO Reed Hastings congratulated his team for a job well done in early July on his public Facebook page, and now the SEC is investigating whether he violated investor fair disclosure rules. His message was only 43 words, boasting of increased subscribership and usage of online videos, which could be construed as material non-public information related to financial reporting. This incident obviously highlights the importance of social media monitoring consisting of best practices as part of a corporate social media compliance program.

In recent posts, we have addressed the issue of evidentiary authentication of social media data. (See previous entries here and here). General Internet site data available through standard web browsing, instead of social media data provided by APIs or user credentials, presents slightly different but just as compelling challenges.

The Internet provides torrential amounts of evidence potentially relevant to litigation matters, with courts routinely facing proffers of data preserved from various websites. This evidence must be authenticated in all cases, and the authentication standard is no different for website data or chat room evidence than for any other. Under Federal Rule of Evidence 901(a), “The requirement of authentication … is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.” United States v. Simpson, 152 F.3d 1241, 1249 (10th Cir. 1998).

Ideally, a proponent of the evidence can rely on uncontroverted direct testimony from the creator of the web page in question. In many cases, however, that option is not available. In such situations, the testimony of the viewer/collector of the Internet evidence “in combination with circumstantial indicia of authenticity (such as the dates and web addresses), would support a finding” that the website documents are what the proponent asserts. Perfect 10, Inc. v. Cybernet Ventures, Inc. (C.D.Cal.2002) 213 F.Supp.2d 1146, 1154. (emphasis added) (See also, Lorraine v. Markel American Insurance Company, 241 F.R.D. 534, 546 (D.Md. May 4, 2007) (citing Perfect 10, and referencing MD5 hash values as an additional element of potential “circumstantial indicia” for authentication of electronic evidence).

One of the many benefits of X1 Social Discovery is its ability to preserve and display all the available “circumstantial indicia” – to borrow the Perfect 10 court’s term — to the user in order to present the best case possible for the authenticity of Internet-based evidence collected with the software. This includes collecting all available metadata and generating a MD5 checksum or “hash value” of the preserved data.

But html web pages pose unique authentication challenges and merely generating an MD5 checksum of the entire web page, or just the web page source file, provides limited value because web pages are constantly changing due to their very fluid and dynamic nature. In fact, a web page collected from the Internet in immediate succession would very likely calculate two different MD5 checksums. This is because web pages typically feature links to many external items that are dynamically loaded upon each page view. These external links take the form of cascading style sheets (CSS), graphical images, JavaScripts and other supporting files. This linked content can be stored on another server in the same domain, but is often located somewhere else on the Internet.

When the Web browser loads a web page, it consolidates all these items into one viewable page for the user. Since the Web page source file contains only the links to the files to be loaded, the MD5 checksum of the source file can remain unchanged even if the content of the linked files become completely different. Therefore, the content of the linked items must be considered in the authenticity of the Web page. X1 Social Discovery addresses these challenges by first generating an MD5 checksum log representing each item that constitutes the Web page, including the main Web page’s source. Then an MD5 representing the content of all the items contained within the web page is generated and preserved.

To further complicate Web collections, entire sections of a Web page are often not visible to the viewer. These hidden areas serve various purposes, including metatagging for Internet search engine optimization. The servers that host Websites can either store static Web pages or dynamically created pages that usually change each time a user visits the Website, even though the actual content may appear unchanged.

In order to address this additional challenge, X1 Social Discovery utilizes two different MD5 fields for each item that makes a Web page. The first is the acquisition hash that is from the actual collected information. The second is the content hash. The content hash is based on the actual “BODY” of a Web page and ignores the hidden metadata. By taking this approach, the content hash will show if the user viewable content has actually changed, not just a hidden metadata tag provided by the server. To illustrate, below is a screenshot from the metadata view of X1 Social Discovery for website capture evidence, reflecting the generation of MD5 checksums for individual objects on a single webpage:

The time stamp of the capture and url of the web page is also documented in the case. By generating hash values of all individual objects within the web page, the examiner is better able to pinpoint any changes that may have occurred in subsequent captures. Additionally, if there is specific item appearing on the web page, such as an incriminating image, then is it is important to have an individual MD5 checksum of that key piece of evidence. Finally, any document file found on a captured web page, such as a pdf, Powerpoint, or Word document, will also be individually collected by X1 Social Discovery with corresponding acquisition and content hash values generated.

We believe this approach to authentication of website evidence is unique in its detail and presents a new standard. This authentication process supports the equally innovative automated and integrated web collection capabilities of X1 Social Discovery, which is the only solution of its kind to collect website evidence both through a one-off capture or full crawling, including on a scheduled basis, and have that information instantly reviewable in native file format through a federated search that includes multiple pieces of social media and website evidence in a single case. In all, X1 Social Discovery is a powerful solution to effectively collect from social media and general websites across the web for both relevant content and all available “circumstantial indicia.”

As the realization that social media is relevant to just about every form of litigation gains critical mass, the question turns to what is the most effective discovery process to obtain production of non-public social media evidence from opposing parties and witnesses. Public information is obviously available on the internet, but for obtaining messaging and social media posts that sit behind privacy settings or are archived, a body of case law is emerging that delineates effective as well as ineffective protocols for obtaining discovery of this information. We briefly outline here three potential approaches.

1. Direct Subpoena from Social Media Provider: The initial instinct of many lawyers is to seek production directly from the social media sites themselves though a subpoena duces tecum. However, case law strongly suggests this approach faces significant roadblocks or at best delayed discovery. For instance, in Crispin v. Christian Audigier, Inc., (2010) the Central District of California determined that social networking web sites are electronic communication services (“ECS”) providers under the law and thus any private messaging and posts on such site are subject to the Stored Communications Act (“SCA”). As a result, the court granted the plaintiff’s motion to quash subpoenas seeking private user information on Facebook and MySpace . The feedback from our law firm customers is that the social networking sites are consistently pushing back on all civil discovery subpoenas, citing the SCA.

2. Self-Production from Opponent: This method is employed through a traditional document production request. Requesting self-collection and subsequent production will not likely yield a complete data set given there is no guarantee that the opponent or third-party witness will employ best practices to preserve and collect their social media accounts. For instance, the self-collection “Download Your Information” feature in Facebook omits key information from the downloaded account and will not preserve the over 20 unique metadata fields associated with each Facebook item. As far as Twitter, it is virtually impossible to collect all the Tweets of a user without best practices eDiscovery software specifically designed for the task. As such, there are significant limitations on the value of social media data self-collected by an adversary or third party witness.

3.Production of Credentials. The emerging preferred approach is theproduction of username and password directly from an opposing party or witness. This approach is favored as it allows for the rapid, comprehensive and defensible collection of all data, including all available metadata fields with best practices technology once the credentials are obtained. The process was employed in Zimmerman v. Weis Markets, Inc. (2011) and McMillen v. Hummingbird Speedway, Inc. (2010), where the respective courts compelled production of the plaintiffs’ credentials after a noticed motion, but we are getting reports of the voluntary production of user names and passwords in meet and confer sessions.

We talk about these concepts and their technical implementation in further detail in our webinar on eDiscovery for Social Mediawith Eric Laykin, eDiscovery co-practice leader at Duff & Phelps.